AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0574 | Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service - azurerm_windows_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_GCP_0011 | Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | GCP | Security Best Practices | LOW |
AC_AWS_0034 | Ensure CloudTrail is enabled in all regions | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0555 | Ensure IAM instance roles are used for AWS resource access from instances | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0570 | Ensure a log metric filter and alarm exist for route table changes | AWS | Security Best Practices | HIGH |
AC_GCP_0278 | Ensure Oslogin Is Enabled for a Project - google_compute_instance | GCP | Security Best Practices | LOW |
AC_GCP_0312 | Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | GCP | Logging and Monitoring | MEDIUM |
AC_GCP_0323 | Ensure Compute Instances Are Launched With Shielded VM Enabled | GCP | Infrastructure Security | LOW |
AC_GCP_0272 | Ensure shielded nodes are enabled for all nodes in Google Container Cluster | GCP | Infrastructure Security | LOW |
AC_GCP_0229 | Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | GCP | Data Protection | MEDIUM |
AC_GCP_0230 | Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | GCP | Identity and Access Management | HIGH |
AC_GCP_0252 | Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | GCP | Compliance Validation | LOW |
AC_GCP_0258 | Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | GCP | Compliance Validation | LOW |
AC_AWS_0076 | Ensure point-in-time-recovery (PITR) is enabled for AWS DynamoDB tables | AWS | Resilience | MEDIUM |
AC_AWS_0230 | Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports | AWS | Infrastructure Security | HIGH |
AC_AWS_0427 | Ensure hardware MFA is enabled for the "root user" account | AWS | Compliance Validation | HIGH |
AC_GCP_0040 | Ensure That Instances Are Not Configured To Use the Default Service Account | GCP | Identity and Access Management | HIGH |
AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0540 | Ensure `force_password_change` is set to true for AzureAD User | Azure | Identity and Access Management | HIGH |
AC_GCP_0029 | Ensure stackdriver monitoring is enabled on Google Container Cluster | GCP | Logging and Monitoring | HIGH |
AC_K8S_0074 | Ensure kernel and system level calls are not configured in all Kubernetes workloads | Kubernetes | Identity and Access Management | MEDIUM |
AC_AWS_0021 | Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks | AWS | Security Best Practices | MEDIUM |
AC_AWS_0022 | Ensure termination protection is enabled for AWS CloudFormation Stack | AWS | Security Best Practices | MEDIUM |
AC_AWS_0024 | Ensure there is no policy with invalid principal key for Amazon Elastic Container Registry (Amazon ECR) | AWS | Identity and Access Management | LOW |
AC_AWS_0043 | Ensure temporary passwords are not valid for more than 90 days | AWS | Identity and Access Management | MEDIUM |
AC_AWS_0063 | Ensure delete protection is enabled for Amazon Relational Database Service (Amazon RDS) Instances | AWS | Resilience | MEDIUM |
AC_AWS_0073 | Ensure KMS customer managed keys are used for encryption of AWS DocumentDB Clusters | AWS | Data Protection | MEDIUM |
AC_AWS_0074 | Ensure log export is enabled for AWS DocumentDB clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0077 | Ensure read-write capacities are reserved for AWS DynamoDB tables | AWS | Compliance Validation | MEDIUM |
AC_AWS_0100 | Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0102 | Ensure redis version is compliant with AWS PCI-DSS requirements for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0103 | Ensure memcached elasticache engines are not in use in AWS PCI-DSS environments for AWS ElastiCache clusters | AWS | Compliance Validation | HIGH |
AC_AWS_0107 | Ensure dedicated master nodes are enabled for AWS ElasticSearch Domains | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0108 | Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains | AWS | Compliance Validation | HIGH |
AC_AWS_0122 | Ensure connection draining is enabled for AWS ELB | AWS | Resilience | MEDIUM |
AC_AWS_0169 | Ensure there are no URL references used in base64 encoded value of AWS Launch Configuration | AWS | Data Protection | HIGH |
AC_AWS_0176 | Ensure active/standby deployment mode is used for AWS MQ Brokers | AWS | Resilience | MEDIUM |
AC_AWS_0185 | Ensure external principals are allowed for AWS RAM resources | AWS | Data Protection | MEDIUM |
AC_AWS_0189 | Ensure Aurora Serverless AutoPause is enabled for Amazon Relational Database Service (Amazon RDS) clusters | AWS | Compliance Validation | MEDIUM |
AC_AWS_0395 | Ensure logging is enabled for AWS API Gateway Method Settings | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0443 | Ensure log exports has been enabled for AWS Neptune cluster | AWS | Logging and Monitoring | MEDIUM |
AC_AWS_0467 | Ensure CORS is configured to prevent sharing across all domains for AWS API Gateway V2 API | AWS | Security Best Practices | MEDIUM |